---

CVE-2020-13674 - log back

CVE-2020-13674 edited at 21 Sep 2021 11:36:18
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Cross-site request forgery
Description	+ The Drupal QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. + + Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.
References	+ https://www.drupal.org/sa-core-2021-006
Notes

CVE-2020-13674 created at 21 Sep 2021 11:34:35